Krebs on Security

In-depth security news and investigation

Posts Tagged: emergency patch

Microsoft today released an emergency security update to fix a critical flaw present in all supported versions of Windows. The patch comes as virus writers are starting to ramp up attacks that leverage the vulnerability.

There are a couple of things you should know before installing this update. If you took advantage of the “FixIt” tool that Microsoft shipped last month to blunt the threat from this flaw, you should take a moment now to undo that fix. To do that, visit this link, then click the image below the “Disable Workaround” heading, and follow the prompts. You will need to reboot the system before installing the official fix released today, which is available from Windows Update.

The patch issued today carries the Microsoft Knowledge Base (KB) number KB2286198, in case you’ve just run Windows Update and are checking to see whether this update is available to you yet.

You will need to reboot after installing the patch. After I applied this patch and rebooted the system, Windows Explorer stalled, leaving Windows unresponsive. After a forced restart (powering the system off and then on again), my 64-bit Windows 7 system booted into Windows normally.

When this vulnerability was initially disclosed, it was only being used in targeted attacks online. However, as Microsoft warned and others have confirmed, this vulnerability is now showing up in more mainstream attacks. Please take a moment to apply this update today if you can, particularly if your Windows system is not already protected with the FixIt tool mentioned above.

More information on this update is available from the Microsoft bulletin. And as always, please leave a comment below if you experience any problems installing this update.